Remove the hardcodes tss user and group and to configure with
--with-tss-user=tss --with-tss-group=tss to set the tss user
and group to be used.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Check for an existing device with the same name and print an error
if the device already exists.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for the --tpmstate dir=<dir> command line parameter.
It will be used instead of the TPM_PATH, unless it is not set.
Adapt two test cases for the new parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add support for --pid file=<pidfile> command line parameter support.
The swtpm_cuse and swtpm now write their process IDs (pids) into
a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Disable the chown commands when building an RPM; we try to detect this
by the usage of DESTDIR.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add a current spec file for usage with yum-builddep for installing
all the necessary build dependencies.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Some more changes to tpm_ioctl.h including
- comment for request and response part of an ioctl
- unified format
- prefix all constants with PTM_
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the extension of PATH to the local dir('.') from swtpm_setup.sh
and adapt test cases accordingly.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Cleanup the code a bit:
o added description to several functions
o remove empty lines between functions
o cleanup the usage screen
o fix the parameters to logerr
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The receiving of TPM state blob ends when the last byte has been copied
into a response to the user. No more request need to be sent afterwards.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If a blob with length 0 is set, we make sure the corresponding file
that would hold this blob is not available.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Support the read/write interface and POSIX API calls for transfer of
TPM state blobs.
Extend the swtpm_ioctl program to support this as well. Use the
environment variable SWTPM_IOCTL_BUFFERSIZE to set the size of the
buffer to use and enable the read/write interface in this (test)
program.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
For being able to test the transfer of larger state blobs, extend the existing
test case with creating a large NVRAM location that becomes part of the permanent
state.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove the explicit saving of volatile state before saving the volatile
state blob to a file.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Since POSIX reserves the *_t namespace of types, remove it from
all our typedefs. While doing that, adjust the typedefs to all have
the prefix ptm_ .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Move the code to get the TPM state blobs into is own function and introduce
a caching layer that retrieves the state blob from the TPM once and has
subsequent requests to copy the state work on the cached blob.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Add an ioctl that lets an application retrieve which keys are in use by the
TPM, i.e., file encryption or migration key
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
The migration key ensures that TPM state blobs, when retrieved using the
ioctl for getting state blobs, are always encrypted with this key.
When the state is later on loaded back into the TPM using the ioctl
to set the state blobs, the migration key is used to decrypt them.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Have the crypto functions use a key as a parameter rather than having them
operate on a specific fixed key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Break the key parsing function apart into a common parsing function
and one specific to the file encryption key.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
